Minimum Advertised SSL/TLS Version

The sslmin option sets a minimum advertised security level, which mitigates the use of older, more vulnerable versions of SSL. One such vulnerability is the POODLE attack (CVE-2014-3566).

Oracle® Enterprise Session Border Controller uses OpenSSL for its SSL/TLS connections. Because of at least one vulnerability, the POODLE attack (CVE-2014-3566), SSLv3 is deemed insecure. Oracle Global Product Security (GPS) suggests that SSLv3 be disabled by default. Setting the sslmin option advertises the minimum version the server supports. The sslmin option works in conjunction with the tls-profile's tls-version parameter when that parameter is set to compatibility. For profiles that negotiate to compatible versions, the sslmin option specifies the lowest TLS version allowed.

Note: The next SSL/TLS version after SSLv3 is TLS1.0.

In security-config, the sslmin option values can be: sslv3, tls1.0, tls1.1 or tls1.2. This change is platform-independent and applies to all Oracle® Enterprise Session Border Controllers.
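A way to audit a saved configuration for the relationship described above, flagging every tls-profile in compatibility mode when the sslmin floor is missing or below a required version. This is an added example, not Oracle code: the text layout of the configuration, the profile names, the `tlsv12` value and the `audit_sslmin` helper are assumptions made for illustration.

```python
import re

# Values the page lists for sslmin, lowest to highest.
SSLMIN_ORDER = ["sslv3", "tls1.0", "tls1.1", "tls1.2"]

# Constructed sample, not real device output. The layout (unindented element
# name, indented "parameter value" lines) is an assumption for this example.
SAMPLE_CONFIG = """\
security-config
    options        sslmin=sslv3
tls-profile
    name           legacy-peers
    tls-version    compatibility
tls-profile
    name           core
    tls-version    tlsv12
"""

def parse_elements(text):
    """Split the config into (element_name, {parameter: value}) pairs."""
    elements = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line starts an element
            elements.append((line.strip(), {}))
        elif elements:                     # indented line is a parameter
            parts = line.split(None, 1)
            elements[-1][1][parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return elements

def audit_sslmin(text, required="tls1.0"):
    """Return (profile, reason) for compatibility profiles with a weak floor."""
    elements = parse_elements(text)
    sslmin = None
    for name, params in elements:
        if name == "security-config":
            m = re.search(r"\bsslmin=([^\s,]+)", params.get("options", ""))
            sslmin = m.group(1).lower() if m else None
    findings = []
    for name, params in elements:
        if name != "tls-profile" or params.get("tls-version") != "compatibility":
            continue                       # sslmin only matters in compatibility mode
        profile = params.get("name", "<unnamed>")
        if sslmin is None:
            findings.append((profile, "sslmin not set; confirm the floor in use"))
        elif sslmin not in SSLMIN_ORDER:
            findings.append((profile, f"unrecognized sslmin value {sslmin!r}"))
        elif SSLMIN_ORDER.index(sslmin) < SSLMIN_ORDER.index(required):
            findings.append((profile, f"sslmin={sslmin} is below {required}"))
    return findings
```

Calling `audit_sslmin(SAMPLE_CONFIG)` reports only the `legacy-peers` profile, because the `core` profile is not in compatibility mode and so is not governed by sslmin.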